[go: up one dir, main page]

CN1211330A - e-commerce processing system - Google Patents

e-commerce processing system Download PDF

Info

Publication number
CN1211330A
CN1211330A CN97192329A CN97192329A CN1211330A CN 1211330 A CN1211330 A CN 1211330A CN 97192329 A CN97192329 A CN 97192329A CN 97192329 A CN97192329 A CN 97192329A CN 1211330 A CN1211330 A CN 1211330A
Authority
CN
China
Prior art keywords
card
card holder
party
data
commodity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN97192329A
Other languages
Chinese (zh)
Inventor
马场芳美
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Card Call Service Co Ltd
Original Assignee
Card Call Service Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Card Call Service Co Ltd filed Critical Card Call Service Co Ltd
Publication of CN1211330A publication Critical patent/CN1211330A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/02Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/12Payment architectures specially adapted for electronic shopping systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00Commerce
    • G06Q30/06Buying, selling or leasing transactions
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1016Devices or methods for securing the PIN and other transaction-data, e.g. by encryption

Landscapes

  • Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Finance (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Marketing (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)

Abstract

A simple, general-purpose electronic commerce system through on-line communication using a credit card without risks of doing a deal with a bogus merchandise dealer, ensuring safe business dealings. When a card holder purchases an article from a merchandise dealer, the card holder terminal enciphers partial data relating to parties including the merchandise dealer, the card manager, and the distribution dealer of the order data, using a common encryption key effective only between the parties and then transmits the enciphered data to the terminals via the terminal of the merchandise dealer. Each party does its desired business dealing by deciphering the partial data related to itself, using the encryption key in common with that of the card holder.

Description

电子商务处理系统e-commerce processing system

技术领域technical field

本发明涉及应用国际互联网(internet)、个人计算机通信等联机通信、进行商务处理的电子商务处理系统,具体涉及使用信用卡、记帐卡等货款支付用卡的电子商务处理系统。The present invention relates to an electronic commerce processing system using Internet, personal computer communication and other on-line communication to carry out business processing, in particular to an electronic commerce processing system using payment cards such as credit cards and debit cards.

背景技术Background technique

近年来,随着国际互联网、个人计算机通信等的普及,这些网络用户通常已经借助国际互联网上的电子邮购或个人计算机通信向商店等商品销售者通过联机通信以定购所需商品,进行该商品的购买。In recent years, with the popularization of Internet, personal computer communication, etc., these network users have usually used electronic mail order on the Internet or personal computer communication to shop and other commodity sellers to order the required goods through online communication, and carry out the purchase of the goods. Buy.

在这种商务处理中,想要购入商品的客户预先持有信用卡、记帐卡等货款支付用卡,在购入商品时,从该卡持有者的终端装置经网络向商品销售者通信发送该购买者即卡持有人的姓名、地址、电话号码和要购买商品种类、数量等数据,以及该卡持有人的卡的号码及有效期等数据。然后,商品销售者根据在自己的终端装置接收到的上述数据从卡管理者(发卡公司)对卡持有者进行认证,并进行商品发送手续(包括向运输服务者委托商品发送)和向发卡公司请求支付货款等处理。而发卡公司进行如下处理,即根据商品销售者提供的卡持有者姓名、住所、电话号码、卡号码及有效期等将为商品销售者进行卡持有者的认证,再根据商品销售者提供的商品货款等数据从卡持有者户头中扣除商品货款(商品货款结帐)等。In this kind of business process, a customer who wants to purchase a product has a payment card such as a credit card or a debit card in advance, and when purchasing a product, the terminal device of the card holder communicates with the product seller via the network. Send data such as the name, address, telephone number of the buyer, the card holder, and the type and quantity of the commodity to be purchased, as well as the card number and expiration date of the card holder. Then, the product seller authenticates the card holder from the card manager (card issuing company) based on the above-mentioned data received at his own terminal device, and performs the product delivery procedure (including entrusting the delivery of the product to the transport service provider) and sending the card to the card issuing company. The company requests processing such as payment for goods. The card issuing company will carry out the following processing, that is, according to the card holder's name, address, telephone number, card number and validity period provided by the commodity seller, the commodity seller will carry out the authentication of the card holder, and then according to the commodity seller provided. Data such as product payment is deducted from the card holder's account (product payment settlement) and the like.

在上述电子商务处理系统中,已往已经指出存在侵入(hacking窃取通信数据)、击破(craking,篡改通信数据)、或假冒卡持有者、商品服务器(商品销售者终端)获取者网关(acquirer gateway,卡管理者终端)等的危险性。In the above-mentioned e-commerce processing system, it has been pointed out in the past that there are intrusion (hacking to steal communication data), cracking (craking, tampering with communication data), or counterfeit card holders, commodity servers (commodity seller terminals) acquirer gateways , card manager terminal) etc.

此时,如对于假冒卡持有者,可借助卡管理者保管的卡号码等数据库,在一定程度上加以防止。另外,通常对每个卡持有者的卡的支付金额,设定其上限,故假冒卡持有者造成的损失不会有太大的金额。At this time, for example, counterfeit card holders can be prevented to a certain extent with the help of databases such as card numbers kept by the card manager. In addition, the upper limit is generally set for the payment amount of the card of each card holder, so the loss caused by the counterfeit card holder does not have a large amount of money.

但是另外情况则不同,尤其是假冒商品销售者,该假冒的商品销售者可能收集多个卡号码,有效期等卡的信息,因盗用这些卡信息,故会产生比上述大得多的损失。But other situations are different, especially for counterfeit commodity sellers, who may collect multiple card numbers, validity periods and other card information, and because of misappropriating these card information, it will produce much larger losses than the above.

作为解决上述问题的对策,已往采用卡持有者的识别号(ID号)和口令、或与它们相当的数据进行通信,或通常构筑封闭式用户组(closed user group),使得所述识别号和通行字即使被盗用,也不会对利用该卡已进行的商务处理带来影响。但是,采用上述系统要想解决上述问题是困难的。As a countermeasure to solve the above-mentioned problems, in the past, the card holder's identification number (ID number) and password, or data corresponding to them were used for communication, or a closed user group (closed user group) was usually constructed so that the identification number Even if the password and password are stolen, it will not affect the business transactions that have been carried out using the card. However, it is difficult to solve the above-mentioned problems with the above-mentioned system.

另外,虽然人们在不断地提出用DES等流式公用键密码对通信数据加密和用RSA密码等公开键密码进行认证等针对上述各个问题的对策方案,但实际上仍未构筑成简单通用的电子商务处理系统。In addition, although people are constantly proposing countermeasures for the above-mentioned problems, such as encrypting communication data with stream public key ciphers such as DES and performing authentication with public key ciphers such as RSA ciphers, in fact, they have not yet been constructed into a simple and universal electronic cipher. business processing system.

本发明鉴于上述背景技术情况,其目的在于在利用货款支付用卡联机通信的电子商务处理系统中,提供一种能消除假冒商品销售者等带来危害性的确保商务处理安全性且简易通用的电子商务处理系统。In view of the above-mentioned background technical situation, the purpose of the present invention is to provide a simple and general-purpose system that can eliminate the harm caused by counterfeit commodity sellers, etc. E-commerce processing system.

本发明的揭示Disclosure of the present invention

为完成上述发明目的,本发明的电子商务处理系统是一种至少将商品销售者、使用货款支付用卡从所述商品销售者购入商品的卡持有者和对利用该卡完成货款支付进行管理的卡管理者作为当事者,通过包含各当事者具有的终端装置在内的网络中联机通信进行商务处理的系统,其特征在于,当所述卡持有者使用所述卡从所述商品销售者购入商品时,该卡持有者通过本身终端装置用仅分别与各当事者间有效的公用密码键对购入所述商品用定购数据中除该卡持有者外的与各当事者相关的部分加密后,将包括这些加密后的数据一起构成的加密定购数据从该卡持有者终端装置经由所述商品销售者终端装置通信发送到除该卡持有者外的各当事者,接收到该加密定购数据的各当事者通过各自终端装置用与所述卡持有者公用的所述公用密码键对所述加密定购数据中仅涉及本身的部分数据进行解码,在进行这种解码的当事者中,所述卡管理者根据自身终端装置解码后的部分数据,进行包括向所述商品销售者提供对所述卡持有者认证的处理在内的涉及卡管理者的商务处理,所述商品销售者根据自身终端装置解码后的部分数据和所述卡管理者已提供的对所述卡持有者的认证,进行包括为发送所述商品的处理在内的涉及该商品销售者的商务处理。In order to accomplish the above-mentioned purpose of the invention, the e-commerce processing system of the present invention is a kind of at least the commodity seller, the card holder who purchases commodities from the commodity seller using the card for payment of goods, and the completion of the payment of goods by using the card. A system in which the managed card manager, as the principal, conducts business processing through online communication in a network including terminal devices owned by each principal, is characterized in that when the card holder uses the card from the commodity seller When purchasing goods, the card holder uses the public encryption key valid only between each party through his own terminal device to purchase the part related to each party other than the card holder in the order data for the said goods. After encryption, the encrypted order data composed of these encrypted data is sent from the card holder terminal device via the commodity seller terminal device to each party except the card holder, and the encrypted order data is received. Each party of the order data decodes a part of the encrypted order data concerning itself only by using the common cryptographic key common to the card holder through their respective terminal devices, and among the parties performing such decoding, all The card manager conducts business processes related to the card manager including providing the commodity seller with authentication of the card holder based on the partial data decoded by his own terminal device, and the commodity seller according to With the partial data decoded by the own terminal device and the authentication of the card holder provided by the card manager, business processing related to the product seller including processing for delivery of the product is performed.

按照上述本发明,使用货款支付用卡欲从所述商品销售者购入商品的卡持有者用仅在各当事者间有效的公用密码键对所述定购数据中涉及所述商品销售者和卡管理者等除该卡持有者外的各当事者的部分数据进行加密,在此基础上,从该卡持有者终端装置经由商品销售者终端装置将这些加密后数据解码构成的加密定购数据通信发送给包含该商品销售者在内的各当事者。这样一来,通过对定购数据加密,故能保住其机密性。According to the above-mentioned present invention, the card holder who intends to purchase commodities from the commodity seller using the payment card uses the public encryption key valid only among the parties involved in the order data related to the commodity seller and the card. Part of the data of each party other than the card holder, such as the manager, is encrypted, and on this basis, encrypted order data communication consisting of decrypting these encrypted data from the card holder's terminal device via the product seller's terminal device Send to each party concerned including the seller of the product. In this way, by encrypting the order data, its confidentiality can be maintained.

此外,收到该加密定购数据的商品销售者、卡管理者等各当事者,用与所述卡保持者间的公用密码键从该加密定购数据中解码出与该当事者有关的部分数据。此时,对于仅涉及及其它当事者的部分数据而言,各当事者因没有用于对其解码的公用密码键,故不能获知该部分数据解码后的内容,换言之,所述当事者仅能在相关范围内知道所述定购数据的内容。因此,当事者不能盗用与其无关的部分数据。因而,所述当事者中,卡管理者根据解码后部分数据进行包含向所述商品销售者提供对所述卡持有者认证的处理在内的涉及该卡管理者的商务处理,所述商品销售者根据自身终端装置解码后的部分数据和所述卡管理者提供的对所述卡持有者的认证,进行包含向所述卡持有者递送所述商品的处理在内的涉及该商品销售者的商务处理。由此,可进行电子商务处理。In addition, parties such as merchandise sellers and card managers who have received the encrypted order data decode part of the data related to the parties from the encrypted order data using the common encryption key with the card holder. At this time, for some data that only involves other parties, each party cannot know the decoded content of this part of data because each party does not have a public encryption key for decoding it. The content of the order data is known internally. Therefore, the party concerned cannot misappropriate part of the data irrelevant to it. Therefore, among the parties concerned, the card manager conducts business processing involving the card manager including the process of providing the card holder authentication to the product seller based on the decoded partial data. According to the part of the data decoded by the terminal device of the user itself and the authentication of the card holder provided by the card manager, the user conducts the sale of the product including the process of delivering the product to the card holder. The business process of the reader. Thereby, e-commerce processing can be performed.

因此,按照本发明,对定购数据加密后进行通信,故能确保其机密,同时所述卡持有者外的各当事者只能获知所述定购数据中所需最低限度的数据。为此,假设即使有第三者假冒商品销售者,该假冒的商品销售者也不能获取如卡号码或有效期等仅与卡管理者有关的信息,从而假冒商品销售者不能获得实际效果。由此,按照本发明,能消除假冒商品销售者等的危险性,并能确保商务处理的安全性。另外,在所述卡持有者终端装置中生成的加密定购数据由于经由商品销售者分配给各当事者,故卡持有者购买商品时,实质上只要将所述加密定购数据仅通信发送给商品销售者即可,从而能实现简单的电子商务处理系统。Therefore, according to the present invention, order data is encrypted and communicated, so that its confidentiality can be ensured, and parties other than the card holder can know only the minimum necessary data of the order data. For this reason, it is assumed that even if a third party counterfeit the merchandise seller, the counterfeit merchandise seller cannot obtain information related only to the card manager such as the card number or expiration date, so that the counterfeit merchandise seller cannot obtain actual effects. Thus, according to the present invention, the danger of counterfeit product sellers and the like can be eliminated, and the safety of business processing can be ensured. In addition, since the encrypted order data generated in the card holder terminal device is distributed to each party concerned via the product seller, when the card holder purchases a product, the encrypted order data is substantially only communicated to the product. Only the seller is required, and a simple electronic commerce processing system can be realized.

在上述本发明电子商务处理系统中,有时所述定购数据也包含所述商品的发送地(它不限于所述卡持有者的地址),另外,作为所述当事者有时也还包括发送商品的运输服务者。In the above-mentioned e-commerce processing system of the present invention, the order data may also include the place of delivery of the product (it is not limited to the address of the card holder), and the person in charge may also include the sender of the product. transport service provider.

然而此时,最好仅用所述卡持有者及所述运输服务者间的所述公用密码键对所述定购数据中所述发送地数据加密,该运输服务者则根据自身终端装置解码后的包含所述发送地数据的所述部分数据和所述商品销售者提供的指示进行所述商品的发送处理。通过这样的做法,商品的发送地只让所述当事者中所述运输服务者知道,从保密性的观点来看更为理想。However, at this time, it is preferable to only use the public encryption key between the card holder and the transport service provider to encrypt the data to be sent in the order data, and the transport service provider will decode it according to its own terminal device. The subsequent part of the data including the destination data and the instructions provided by the seller of the commodity are used to send the commodity. By doing so, the place of delivery of the product is known only to the transport service provider among the parties concerned, which is preferable from the viewpoint of confidentiality.

在本发明中,所述定购数据包含所述卡的号码及有效期,该号码及有效期的数据仅用所述卡持有者及卡管理者间公用的所述公用密码键加密。由此,使用所述货款支付用卡进行商务处理时,在实际结帐中最为重要的卡号码及有效期只能由必须知道该数据的所述卡管理者对所述加密定购数据解码后获知,反而言之,除该卡管理者及卡持有者外的当事者不能获得卡号码及有效期的数据。因此,能有效确保所述电子商务处理系统的安全性,同时能有效地防止在该商务处理中危险性最高的假冒商品销售者。In the present invention, the order data includes the number of the card and the validity period, and the data of the number and the validity period are encrypted only with the common encryption key shared between the card holder and the card manager. Therefore, when using the payment card for business processing, the most important card number and expiration date in the actual payment can only be known by the card manager who must know the data after decoding the encrypted order data. Conversely, parties other than the card manager and the card holder cannot acquire the data of the card number and expiration date. Therefore, the security of the e-commerce processing system can be effectively ensured, and at the same time, counterfeit product sellers who are the most dangerous in the e-commerce processing can be effectively prevented.

在以上所述本发明中,所述公用密码键,虽可用预先确定的其它办法在所述卡持有者与各当事者间进行均等分配,但所述卡持有者与该卡持有者以外的各当事者间的所述公用码键,在所述卡持有者一侧,最好是使该卡持有者以外各当事者固有且公开的标识符作用于该卡持有间预先备有的该卡持有者固有的秘密个人键而生成,在该卡持有者以外的各当事者一侧,最好使所述卡持有者固有且公开的标识符作用于该当事者预先备有的该当事者固有的秘密个人键而生成。这里,所述标识符可以是各当事者姓名,名称,住所,网络上的邮址,区域名或它们的组合等各当事者固定使用且公开的信息。In the above-mentioned present invention, although the public cryptographic key can be equally distributed between the card holder and the parties concerned by other predetermined methods, the card holder and the card holder cannot The said common code key between each party concerned, on the side of said card holder, it is preferable to make the inherent and public identifier of each party other than the card holder act on the pre-prepared identifier between the card holders. The card holder's unique secret personal key is generated. On the side of each party other than the card holder, it is preferable to make the card holder's unique and public identifier act on the party's pre-prepared identifier. Generated from the private private key inherent to the principal. Here, the identifier may be the name, title, address, email address on the Internet, area name or combination thereof of each party, which is permanently used and disclosed by each party.

这样一来,包括卡持有者的各当事者采用使应共有公用密码键的对方的标识符作用于自的所述秘密个人键来生成公用密码键的方式,各当事者只是将对方的标识符输入自己的秘密个人键而不事前确定或分配公用密码键,能够生成为所述商务处理所需的公用密码键。因此,本发明的电子商务处理系统可极其简单,且通用性强。而且公用密码键本身无需事先配置,故能确保通信数据的机密性,并能提高电子商务处理系统的安全性。In this way, each party including the card holder generates a public cryptographic key by applying the identifier of the other party who should share the public cryptographic key to his own secret personal key, and each party simply inputs the identifier of the other party. It is possible to generate the public encryption key required for the business process without determining or assigning the public encryption key in advance with one's own private private key. Therefore, the e-commerce processing system of the present invention can be extremely simple and highly versatile. Moreover, the public encryption key itself does not need to be configured in advance, so the confidentiality of the communication data can be ensured, and the security of the electronic commerce processing system can be improved.

关于上述公用密码键的生成方式,例如在Rolf Blom的论文“NON-PUBLIC KEY DISTRIBUTION/Advances in Cryptology:Proceedings ofCRYPTO’82/Plenum Press 1983,pp.231-236”,同样是Rolf Blom的论文“AnOptimal Class of Symmetric Key Generation Systems/Advances in Cryptology:EUROCRYPT’84/Springer LNCS 209,1985,pp.335-338”,或特公平5-48980号公报等中有揭示,这里省略其详细说明。Regarding the generation method of the above-mentioned public cryptographic key, for example, in Rolf Blom's paper "NON-PUBLIC KEY DISTRIBUTION/Advances in Cryptology: Proceedings of CRYPTO'82/Plenum Press 1983, pp.231-236", also Rolf Blom's paper "AnOptimal Class of Symmetric Key Generation Systems/Advances in Cryptology: EUROCRYPT'84/Springer LNCS 209, 1985, pp.335-338", or in the Special Publication No. 5-48980, etc., and its detailed description is omitted here.

本发明在进行上述加密定购数据通信前,上述各当事者最好预先与该加密定购数据的通信对方相互通信,以便对该通信对方的当事者进行确认。通过这样预先进行电子商务处理有关当事者的确认,能事先防止假冒商品销售者或卡管理者等带来的危害,从而进一步提高电子商务处理系统的安全性。In the present invention, before the encrypted order data is communicated, it is preferable that the above-mentioned parties communicate with the communication partner of the encrypted order data in advance so as to confirm the parties of the communication party. By confirming the person involved in the e-commerce processing in advance in this way, it is possible to prevent harm from counterfeit product sellers, card managers, etc. in advance, thereby further improving the security of the e-commerce processing system.

附图概述Figure overview

图1为本发明一实施形态电子商务处理系统的系统结构图,图2为表示图1系统中卡持有者侧数据处理的说明图,图3为表示图1系统中除卡持有者外的当事者侧数据处理的说明图。Fig. 1 is a system structure diagram of an e-commerce processing system according to an embodiment of the present invention, Fig. 2 is an explanatory diagram showing data processing on the card holder side in the system of Fig. An explanatory diagram of data processing on the principal side.

实施本发明的最佳形态Best Mode for Carrying Out the Invention

参照图1及图2说明本发明一实施形态。An embodiment of the present invention will be described with reference to FIG. 1 and FIG. 2 .

参看图1,本实施形态的电子商务处理系统中,持有信用卡(credit cart)、记帐卡(debit card)等货款支付用卡(未图示)的卡持有者的终端装置1,商品销售者终端装置2,对利用该卡完成货款支付进行管理的卡管理者(发卡公司)的终端装置3,担当商品销售者经营商品的发送业务的运输服务者的终端装置4,经国际互联网(internet)、个人计算机通信网等网络5相互连接,能够进行通信。这些卡持有者,商品销售者,卡管理者及运输服务者成为下文叙述的电子商务处理的当事者。Referring to Fig. 1, in the e-commerce processing system of the present embodiment, the terminal device 1 of the card holder who holds a payment card (not shown) such as a credit card (credit cart) and a debit card (debit card), the commodity The seller's terminal device 2, the terminal device 3 of the card manager (card issuing company) who manages the payment of the goods using the card, and the terminal device 4 of the transport service provider who is in charge of the delivery business of the commodity seller to manage the commodity, via the Internet ( Internet), personal computer communication network and other networks 5 are connected to each other and can communicate. These card holders, product sellers, card managers and transport service providers become parties involved in electronic commerce processing described below.

各当事者终端装置1-4由个人计算机等计算机装置构成。这些终端装置1-4包含用于在任何当事者间生成密码通信用公用密码键的公用密码键生成用系统的秘密个人键6,和用于这种公用密码键产生的通信数据加密/解码的加密/解码系统7,它们由软件或硬件构成,由未图示的发行密码键等中心事先将这些系统6、7分配给当事者。Each principal terminal device 1-4 is constituted by a computer device such as a personal computer. These terminal devices 1-4 contain the secret personal key 6 of the public encryption key generation system for generating public encryption keys for encrypted communication between any parties, and encryption for communication data encryption/decoding generated by this public encryption key. The/decoding systems 7 are composed of software or hardware, and these systems 6 and 7 are distributed to the parties in advance by a center that issues encryption keys not shown in the figure.

这里,上述秘密个人键6如上述Rolf Blom的论文或特公平5-48980号公报等中所见,为各当事者所固有,通过将通信对方的姓名、位所等各当事者所固有且公开的标识符输入各终端装置1-4,生成与其通信的对方公用的公用密码键。Here, the above-mentioned secret personal key 6, as seen in the above-mentioned paper of Rolf Blom or Japanese Patent Publication No. 5-48980, etc., is inherent to each party concerned, and the name and location of the communication partner are identified by each party's inherent and public identification. Characters are input into each terminal device 1-4 to generate a public encryption key shared by the other party communicating with it.

上述加密/解码系统7采用公知的DES(Data Encryption Standard:数据加密标准),借助所述公用密码键对通信数据加密(通信数据发送侧),或对该加密后的通信数据解码(通信数据接收侧)。The above-mentioned encryption/decoding system 7 adopts the known DES (Data Encryption Standard: Data Encryption Standard) to encrypt the communication data (communication data sending side) by means of the public encryption key, or decode the encrypted communication data (communication data receiving side). side).

具有如上结构的本实施形态的电子商务处理系统,可进行下面的电子商务处理。The electronic commerce processing system of the present embodiment having the above structure can perform the following electronic commerce processing.

首先,在本实施形态的系统中,各当事者通过网际互联网或个人计算机通信等,可借助各终端装置1-4随时与要进行下述加密定购数据通信的对方相互进行通信,由此,可事先确认作为应进行下述加密定购数据通信的当事者彼此的对方是否正确(通信对方的认证)。First of all, in the system of this embodiment, each party concerned can communicate with the other party who will carry out the following encrypted order data communication at any time through each terminal device 1-4 through the Internet or personal computer communication. It is confirmed whether or not the counterparty is correct as the parties who should communicate encrypted order data as described below (authentication of the communication partner).

卡持有者事先通过自身终端装置1与商品销售者终端装置2的通信(参看商品销售者的主页面(home page)等),或通过CD-ROM等记录媒体或杂志等参看商品销售者的商品目录,来获取商品销售者的商品信息。The card holder communicates with the product seller's terminal device 2 through his own terminal device 1 in advance (refer to the home page (home page) of the product seller, etc.), or refers to the product seller's website through a recording medium such as CD-ROM or a magazine, etc. Commodity catalog to obtain commodity information of commodity sellers.

当卡持有者要购买商品销售者的商品时,将其想法从卡持有者通知商品销售者,该商品销售者发送定购单格式的数据。该定购单格式数据也可由卡持有者自己事先从CD-ROM获取。When the card holder intends to purchase the commodity of the commodity seller, the commodity seller is notified of his idea from the card holder, and the commodity seller transmits data in the form of a purchase order. The order form format data can also be acquired in advance from a CD-ROM by the card holder himself.

接着,卡持有者按照取得的定购单格式通过自身终端装置1输入定购数据以便用自己的卡购买想要的商品。此时,作为输入的定购数据如图2所示有:卡持有者的姓名,住所,电话号码,传真号,卡持有者具有的卡号码及有效期,欲购买的商品的品名,数量,商品号,购买金额,货款支付方式(分期付款,一次性付款等),商品的发送地(包括收件人姓名,住所等)等。Next, the card holder inputs order data through the own terminal device 1 in accordance with the acquired order form to purchase desired goods with the own card. At this time, as shown in Figure 2, the order data for input includes: the name of the card holder, address, telephone number, fax number, card number and expiry date that the card holder has, the product name and quantity of the commodity to be purchased, Product number, purchase amount, payment method (installment payment, one-time payment, etc.), place of delivery of the product (including recipient's name, address, etc.), etc.

该定购数据当然不限于上述数据,只要包含卡持有者使用自己卡购买商品时作为该商务处理的当事者的商品销售者、卡管理者及运输服务者执行与该商品处理有关的各自处理(商品销售者确定定购者或定购内容,卡管理者对卡持有者进行认证及对货款进行结算,运输服务者发送商品等)所需的信息。Of course, the order data is not limited to the above-mentioned data, as long as the product seller, the card manager, and the transport service provider who are the parties involved in the business process when the card holder purchases the product using his/her own card execute the respective processes related to the product processing (commodity processing). Information necessary for the seller to identify the orderer or order content, the card manager to authenticate the card holder and settle the payment, and the transport service provider to deliver the product, etc.).

在作成上述定购数据后,卡持有者再通过自身的终端装置1从该定购数据中分别提取与商品销售者、卡管理者及运输服务者等各当事者有关部分的数据(这些预先加以确定),并加以复制。参照图2,如涉及商品销售者,从上述定购数据中复制卡持有者姓名,住所,电话号码,传真号,欲购商品的品名,数量,商品号,购买金额,货款的支付方式等用于确定定购者或定单内容的数据,与卡管理者有关的,则复制卡持有者姓名,住所,电话号码,传真号,卡持有者所具有的卡号及有效期,欲购商品的商品号,购买金额,货款支付方式等用于认证卡持有者或结算货款的数据。涉及运输服务者的,则复制卡持有者姓名,电话号码,传真号,发送地等为发送商品所必需的数据。After making the above-mentioned order data, the card holder extracts the data related to each party such as the commodity seller, the card manager, and the transport service provider (these are determined in advance) from the order data through the terminal device 1 of the card holder. , and copy it. With reference to Fig. 2, if it involves commodity sellers, copy the cardholder's name, address, telephone number, fax number, product name, quantity, commodity number, purchase amount, payment method of the payment, etc. from the above-mentioned order data. In order to determine the data of the orderer or the content of the order, if it is related to the card manager, copy the name, address, telephone number, fax number of the card holder, the card number and the validity period of the card holder, and the product number of the product to be purchased , purchase amount, payment method and other data used to authenticate the card holder or settle the payment. In the case of a transport service provider, the cardholder's name, telephone number, fax number, place of delivery, and other data necessary for delivery of the goods are copied.

卡持有者进行上述处理的程序,或自动进行这种处理的软件,由商品销售者向卡持有者发送所述定购单格式数据时,预先提供给该卡持有者。然后,卡持有者按照进行上述处理的程序或按照所给的软件进行。各当事者的每部分数据不限定于上述形态,例如所述传真号数据有时对所有当事者而言都不需要,另外,按照各国法律或习惯,卡管理者可不需要商品号,或商品销售者需要商品发送地。The program for the cardholder to perform the above-mentioned processing, or the software for automatically performing such processing, is provided to the cardholder in advance when the commodity seller sends the above-mentioned purchase form format data to the cardholder. The cardholder then follows the procedure for performing the above-mentioned processing or follows the given software. Each part of the data of each party is not limited to the above form. For example, the facsimile number data may not be necessary for all parties. In addition, according to the laws or customs of each country, the card manager may not need the product number, or the product seller may need the product number. sending place.

进而卡持有者将商品销售者、卡管理者及运输服务者各当事者的标识符分别输入其终端装置1中的所述秘密个人键6,分别生成与这些各当事者间密码通信用的所述公用密码键。此时,运输服务者由商品销售者确定,该运输服务者的标识符或卡持有者识别它所需信息(运输服务者的名称等)在如商品销售者将所述定购单格式数据发送给卡持有者时等事先供给该卡持有者。商品销售者及卡管理者由卡持有者本身确定,故该卡持有者已经知道商品销售者及卡管理者的标识符。Furthermore, the card holder inputs the identifiers of the principals of the commodity seller, the card manager and the transport service provider into the said secret personal key 6 in the terminal device 1 respectively, and generates the said key for cryptographic communication with these respective principals respectively. public cryptographic key. At this time, the transport service provider is determined by the commodity seller, and the identifier of the transport service provider or the information required by the card holder to identify it (the name of the transport service provider, etc.) When giving to the card holder, etc., it is given to the card holder in advance. The commodity seller and the card manager are determined by the card holder himself, so the card holder already knows the identifiers of the commodity seller and the card manager.

这样一来,从所述定购数据复制与商品销售者、卡管理者及运输服务者等各当事者有关的部分数据及生成与这些各当事者间的公用密码键后,卡持有者通过自身终端装置1的所述加密/解码系统7,如图2所示,用对应于各当事者的公用密码键对与各当事者有关部分数据加密,接着,将该加密后的各部分数据一起构成的加密定购数据与卡持有者的标识符作为一组通信数据从本身终端装置1经网络5发送给商品销售者的终端装置2(参看图1中虚线箭头X)。此时,与加密定购数据一起发送的卡持有者标识符未经加密。另外,也可与加密定购数据一起发送由商品销售者等各当事者能指定卡持有者标识符的信息(仅取卡持有者的姓名、住所等)来代替卡持有者的标识符。In this way, after copying part of the data related to each party involved such as the commodity seller, the card manager, and the transport service provider from the order data and generating a public encryption key with these parties, the card holder can The encryption/decoding system 7 of 1, as shown in FIG. 2, encrypts part of the data related to each party with a public encryption key corresponding to each party, and then encrypts the encrypted order data composed of the encrypted parts of the data together. The identifier with the card holder is sent as a set of communication data from the own terminal device 1 to the commodity seller's terminal device 2 via the network 5 (see dotted arrow X in FIG. 1 ). At this time, the cardholder identifier sent with the encrypted order data is unencrypted. In addition, instead of the cardholder's identifier, information (only the cardholder's name, address, etc.) that can specify the cardholder's identifier may be transmitted together with the encrypted order data.

此时,上述通信数据主要部分的加密定购数据,由于加了密,故不是当事者的第三者不能对其解读,能确保该通信数据的机密性。At this time, since the encrypted order data of the main part of the above-mentioned communication data is encrypted, a third party who is not the party concerned cannot decipher it, and the confidentiality of the communication data can be ensured.

此外,在终端装置2接收到上述通信数据(加密定购数据及卡持有者标识符)的商品销售者将包含在该通信数据中的卡持有者标识符输入自身终端装置2的秘密个人键6,生成与卡持有者共用的公用密码键。参看图3,商品销售者用所生成的公用密码键通过自身终端装置2的所述加密/解码系统7对所述加密定购数据中涉及本身的部分数据进行解码。由此,正式获取所述定购数据中持卡者的姓名,住所,电话号码,传真号,欲购商品的品名,数量,商品号,购买金额,货款支付方式等商品销售者所必需的数据。In addition, the product seller who has received the above-mentioned communication data (encrypted order data and card holder identifier) at the terminal device 2 inputs the card holder identifier included in the communication data into the secret personal key of his own terminal device 2. 6. Generate a public cryptographic key shared with the cardholder. Referring to FIG. 3 , the commodity seller uses the generated public encryption key to decode the part of data related to himself in the encrypted order data through the encryption/decoding system 7 of his own terminal device 2 . Thus, the cardholder's name, address, telephone number, fax number, product name, quantity, product number, purchase amount, payment method and other necessary data for commodity sellers in the order data are formally obtained.

此时,涉及商品销售者以外的当事者(卡管理者及运输服务者)的部分数据,由于通过与商品销售者及卡持有者间公用密码键不同的密码键加密,故商品销售者不能对这些部分数据解码,因此,不能获知如涉及卡管理者的卡号码或有效期或涉及运输服务者的发送地数据的内容。At this time, part of the data related to parties (card managers and transport service providers) other than the commodity seller is encrypted by a cryptographic key different from the public cryptographic key between the commodity seller and the card holder, so the commodity seller cannot These partial data are decoded, and therefore, the content such as the card number or expiry date related to the card manager or the destination data related to the transport service provider cannot be known.

进而,商品销售者从自身终端装置2经网络5向卡管理者终端装置3发送所述加密定购数据及卡持有者的标识符(参见图1中虚线箭头Y)。此时,虽可将商品销售者接收到的所有数据发送给卡管理者,但也可向卡管理者发送加密定购数据中仅与卡管理者有关的部分数据及卡持有者的标识符。Furthermore, the product seller sends the encrypted order data and the card holder's identifier to the card manager terminal device 3 from its own terminal device 2 via the network 5 (see dotted arrow Y in FIG. 1 ). At this time, although all the data received by the commodity seller can be sent to the card manager, it is also possible to send to the card manager only part of the encrypted order data related to the card manager and the card holder's identifier.

这样一来,用自身终端装置3从商品销售者终端装置2接收到加密定购数据及卡持有者标识符的卡管理者,与商品销售者情况一样,在将卡持有者标识符输入自身终端装置3的秘密个人键6生成与卡持有者公用的公用密码键后,如图3所示,用该公用密码键通过自身终端装置3中所述加密/解码系统7对所述加密定购数据中与自身有关的部分数据解码。由此,从所述定购数据中正式获取卡持有者的性名,住所,电话号码,传真号,卡持有者具有的卡号码及有效期,欲购商品的商品号,购买金额,货款支付方式等卡管理者所需数据。此时,卡管理者与商品销售者情况一样,不能获知所述加密定购数据中与自身无关的如仅与运输服务者有关的商品发送地等数据。In this way, the card manager who has received the encrypted order data and the card holder identifier from the product seller terminal device 2 with his own terminal device 3, as in the case of the product seller, enters the card holder identifier into himself. After the secret personal key 6 of the terminal device 3 generates a public cryptographic key shared with the cardholder, as shown in Figure 3, use the public cryptographic key to order the encrypted order through the encryption/decoding system 7 in the terminal device 3 itself. Part of the data related to itself is decoded. Thus, the card holder's name, address, telephone number, fax number, card number and validity period of the card holder, product number of the product to be purchased, purchase amount, and payment are officially obtained from the order data. mode and other data required by the card manager. At this time, the card manager is the same as the product seller, and cannot know the data such as the place of delivery of the product that is only related to the transport service provider in the encrypted order data that is not related to itself.

此后,获取上述数据的卡管理者,根据卡持有者的姓名,电话号码,卡号码及有效期等数据,对卡持有者进行认证(卡持有者是不是正当的卡用户),并将该认证结果通知商品销售者。若卡持有者为正当卡用户,则按购买金额、货款支付方式等数据进行处理,以便从卡持有者的启头中扣除货款。Afterwards, the card manager who obtains the above data will authenticate the card holder (whether the card holder is a legitimate card user) based on the card holder's name, phone number, card number and expiration date, and send The result of the authentication is notified to the product seller. If the card holder is a legitimate card user, it will be processed according to the purchase amount, payment method and other data, so as to deduct the payment from the card holder's account.

若该认证结果正确,则接收到卡管理者来的该认证结果通知的商品销售者从自身终端装置2经网络5向运输服务者终端装置4发送所述加密定购数据及卡持有者标识符(参看图1中虚线箭头Z),同时根据该商品销售者获得的部分数据向运输服务者委托商品发送,再根据需要安排商品进货等。此时,也可将加密定购数数据中仅与运输服务者有关的部分数据与卡持有者标识符一起发送给运输服务者。If the authentication result is correct, the commodity seller who has received the notification of the authentication result from the card manager sends the encrypted order data and the card holder identifier to the transport service provider terminal device 4 through the network 5 from his own terminal device 2. (See dotted line arrow Z in Fig. 1), at the same time, according to the part of the data obtained by the seller of the commodity, entrust the delivery of the commodity to the transport service provider, and then arrange the purchase of the commodity according to the needs. At this time, only part of the encrypted order data related to the shipping service provider may be sent to the shipping service provider together with the card holder identifier.

然后,与商品销售者及卡管理者的情况一样,从商品销售者接收到加密定购数据及卡持有者标识符的运输服务者,在将卡持有者标识符输入自身终端装置4的秘密个人键6生成与卡持有者公用的公用密码键后,如图3所示,用该公用密码键通过自身终端装置4中所述加密/解码系统7对所述加密定购数据中与自身有关的部分数据解码。由此,正式获取所述定购数据中的卡持有者姓名,电话号码,传真号,发送地等运输服务业者所必需的数据。此时,运输服务者与商品销售者或卡管理者情形一样,不能获知所述加密定购数据中与自身有关数据以外的如卡号码及有效期等数据。Then, as in the case of commodity sellers and card managers, the shipping service provider who has received the encrypted order data and the card holder identifier from the commodity seller enters the card holder identifier into the secret key of the terminal device 4 of itself. After the personal key 6 generates a public cryptographic key shared with the cardholder, as shown in Figure 3, use the public cryptographic key to pass through the encryption/decoding system 7 in the self-terminal device 4 to encrypt the encrypted order data related to itself. Partial data decoding. In this way, data necessary for the transportation service provider, such as the card holder's name, telephone number, facsimile number, and destination, among the order data, are formally acquired. At this time, the transport service provider, like the commodity seller or the card manager, cannot know the data other than the data related to itself in the encrypted order data, such as the card number and the expiration date.

获取上述发送地等数据的运输服务者根据该数据和商品销售者的指示,进行商品发送。The transport service provider who has obtained the above-mentioned data on the destination of delivery, etc., sends the product based on the data and the instruction of the product seller.

在如上构成的本实施形态的电子商务处理系统中,分别用与各个当事者间各个不同的公用密码键对卡持有者作成的定购数据中与各当事者(商品销售者、卡管理者及运输服务者)有关的数据进行加密,并经通信将这些加密后的部分数据分配给各当事者,故能确保定购数据的机密性。同时,各当事者利用与卡持有者间的公用密码键可自由获取定购数据中所需数据,另一方面反过来说也只能获知必要数据。因此,如商品销售者或运输服务者则不能获知用卡进行商务处理上最重要的卡号或有效期。为此,假设即使第三者假冒商品销售者或运输服务者,由于不能获得卡号码或有效期等重要信息,因而也不会得逞,从而能防止假冒商品销售者或运输服务者。In the e-commerce processing system of the present embodiment constituted as above, each party (commodity seller, card manager, and transportation service provider) is associated with each party (commodity seller, card manager, and transport service provider) in the order data created by the card holder with a public encryption key different from each party's. (or) the relevant data is encrypted, and the encrypted part of the data is distributed to each party through communication, so the confidentiality of the order data can be ensured. At the same time, each party can freely obtain the required data in the order data by using the public encryption key with the card holder, and on the other hand, only the necessary data can be obtained conversely. Therefore, the most important card number or expiry date for commercial processing with a card cannot be known to a commodity seller or a transport service provider. For this reason, it is assumed that even if a third party impersonates a product seller or a transport service provider, it cannot succeed because important information such as a card number or an expiration date cannot be obtained, thereby preventing counterfeiting of a product seller or a transport service provider.

包括卡持有者在内的各当事者事先与要进行所述加密定购数据通信的对方进行通信,确认对方当事者,故不仅能防止假冒商品销售者或运输服务者,还能防止假冒卡管理者。Each party including the card holder communicates in advance with the other party who will communicate the encrypted order data and confirms the party party, so not only counterfeit product sellers and transport service providers can be prevented, but also counterfeit card managers can be prevented.

本申请的发明人用本实施形态的电子商务处理系统进行的试验证实,在种种假冒等侵入系统的情况下,能完全抵制这类侵入。The inventors of the present application conducted experiments using the electronic commerce processing system of this embodiment to prove that, in the case of intrusions into the system by various counterfeiters, such intrusions can be completely resisted.

在该实施形态中,只用运输服务者与卡持有者间的公用密码键对商品发送地加密,故商品销售者或卡管理者不能获知该数据,因此,卡持有者在将所购商品赠于别人等情况下能加以保密。In this embodiment, only the public encryption key between the transport service provider and the card holder is used to encrypt the place where the product is sent, so the product seller or the card manager cannot know the data. Confidentiality can be kept when the product is given as a gift to others.

卡持有者欲购商品时,所述加密定购数据经由商品销售者终端装置2分送给该商品销售者外的卡管理者或运输服务者,故卡持有者只要将加密定购数据发送给商品销售者终端装置2就可以,能方便地购买商品。When the card holder intends to purchase commodities, the encrypted order data is distributed to the card manager or transport service provider other than the commodity seller via the commodity seller terminal device 2, so the card holder only needs to send the encrypted order data to The product seller terminal device 2 is all that is needed, and the product can be purchased conveniently.

在本实施形态中,卡持有者对与商品销售者、卡管理者及运输服务者有关的部分数据加密,而且各当事者只要将所需当事者的标识符输入设于自身终端装置1-4中的秘密个人键,就能生成商品销售者、卡管理者及运输服务者将自己部分数据进行解码用的公用密码键,故每当进行商务处理时,没有必要决定当事者间的公用密码键或从其它中心分配公用密码键,故能简单进行商务处理。In this embodiment, the card holder encrypts part of the data related to the commodity seller, the card manager and the transport service provider, and each party only needs to input the identifier of the required party in the terminal device 1-4. The secret personal key can generate a public encryption key for commodity sellers, card managers, and transport service providers to decode some of their own data. Therefore, it is not necessary to determine the public encryption key between the parties or from the Other centers distribute common encryption keys, so business processes can be easily performed.

因此,本实施形态的电子商务处理系统可作为一种安全、简单、具有通用性的系统。Therefore, the electronic commerce processing system of this embodiment can be used as a safe, simple, and versatile system.

在以上说明的本实施形态中,所示系统包含运输服务者作为电子商务处理当事者,但也可构成不包含该运输服务者的系统,或构成包含国际互联网供应商(internet provider)等网关(gateway)管理者或键认证局等作为当事者的系统。In the present embodiment described above, the system shown includes the transportation service provider as the person involved in the e-commerce processing, but it is also possible to configure a system that does not include the transportation service provider, or constitute a gateway (gateway) including an Internet provider (internet provider) or the like. ) The system in which the administrator or key certification authority is the party concerned.

在本实施形态中,所示系统由各当事者将所需当事者的标识符输入设于自身终端装置1-4的秘密个人键来生成公用密码键,但也可以用其它办法在当事者间确定公用密码键或从中心分配公用密码键。工业上的可应用性In this embodiment, the shown system generates a public encryption key by each principal inputting the identifier of the required principal into the secret personal key provided on the terminal device 1-4 of the principal, but it is also possible to use other methods to determine the public encryption key among the principals. keys or assign public cryptographic keys from the center. Industrial applicability

本发明能适用于在国际互联网、个人计算机通信网等网络上通过用个人计算机等终端装置联机通信使用信用卡或记帐卡等货款支付用卡进行商务处理的系统。The present invention can be applied to a system that conducts business processing with a payment card such as a credit card or debit card through on-line communication with a terminal device such as a personal computer on a network such as the Internet or a personal computer communication network.

Claims (5)

1. electronic commerce processing system, it is characterized in that, be a kind of to major general's commodity seller, use the payment for goods payment to buy the card holder of commodity and pay the card supvr that manages as the party from described commodity seller to utilizing this card to finish payment for goods with card, by comprising the end device system that business processing is carried out in on-line communication in interior network that each party has
When described card holder uses described card to buy commodity from described commodity seller; This card holder by terminal installation own with only respectively with each party between effectively the common key key to buy described commodity with the Partial encryption relevant with each party except this card holder in the order data after; To comprise that encryption order data that these data after encrypting consist of together sends to each party except this card holder from this card holder terminal installation via the communication of described commodity seller terminal device
Each party who receives this encryption order data uses with the public described common key key of described card holder by end device separately the partial data that only relates to itself in the described encryption order data is decoded,
In the party who carries out this decoding, described card supvr is according to the decoded partial data of self end device, comprise to what described commodity seller provided processing that described card holder is authenticated relating to the gerentocratic business processing of card,
Described commodity seller is according to the authentication to described card holder that the decoded partial data of self end device and described card supvr provide, be included as send described commodity processing in the interior business processing that relates to this commodity seller.
2. electronic commerce processing system as claimed in claim 1 is characterized in that, described order data comprises the transmission ground of described commodity, and described party comprises the transportation service person who sends described commodity simultaneously,
Only with the described common key key between described card holder and described transportation service person to sending the ground data encryption described in the described order data,
This transportation service person then carries out the transmission processing of described commodity according to the described partial data of the decoded data of self end device and the indication that described commodity seller provides with comprising described transmission.
3. electronic commerce processing system as claimed in claim 1 is characterized in that, described order data comprises the number and the term of validity of described card, and the data of this number and the term of validity are only encrypted with public described common key key between described card holder and card supvr.
4. electronic commerce processing system as claimed in claim 1, it is characterized in that, the described common key key of respectively working as person between thing beyond described card holder and this card holder, in described card holder one side, be to make the intrinsic and disclosed identifier of each party beyond this card holder act on the intrinsic secret individual key of this card holder that this card holder has in advance and generate, in this card each party's one side beyond the holder, be to make the intrinsic and disclosed identifier of described card holder act on the intrinsic secret individual key of this party that this party has in advance and generate.
5. electronic commerce processing system as claimed in claim 1, it is characterized in that, before carrying out the communication of described encryption order data, described each party can intercom with the communication counterpart of this encryptions order data in advance mutually, and the party of this communication counterpart is said the row affirmation.
CN97192329A 1996-02-21 1997-02-19 e-commerce processing system Pending CN1211330A (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP70834/96 1996-02-21
JP7083496 1996-02-21

Publications (1)

Publication Number Publication Date
CN1211330A true CN1211330A (en) 1999-03-17

Family

ID=13443006

Family Applications (1)

Application Number Title Priority Date Filing Date
CN97192329A Pending CN1211330A (en) 1996-02-21 1997-02-19 e-commerce processing system

Country Status (8)

Country Link
EP (1) EP0791901A3 (en)
KR (1) KR19990087102A (en)
CN (1) CN1211330A (en)
AU (1) AU1810597A (en)
CA (1) CA2247479A1 (en)
IL (1) IL125831A0 (en)
TW (1) TW357525B (en)
WO (1) WO1997031321A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7379902B2 (en) 2000-11-30 2008-05-27 Pioneer Corporation Apparatus and method for editing and selling creature data
CN102708508A (en) * 1999-03-26 2012-10-03 摩托罗拉移动公司 Secure wireless electronic-commerce system with wireless network domain
CN101918954B (en) * 2008-01-16 2014-06-25 联邦印刷有限公司 Method for reading attributes from an ID token

Families Citing this family (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6119101A (en) 1996-01-17 2000-09-12 Personal Agents, Inc. Intelligent agents for electronic commerce
GB2332833A (en) * 1997-12-24 1999-06-30 Interactive Magazines Limited Secure credit card transactions over the internet
US7263497B1 (en) 1998-02-06 2007-08-28 Microsoft Corporation Secure online music distribution system
CA2308759A1 (en) * 1998-09-04 2000-03-16 Impower, Inc. Electronic commerce with anonymous shopping and anonymous vendor shipping
JP2000113085A (en) * 1998-10-08 2000-04-21 Sony Corp Electronic cash system
US7353194B1 (en) 1999-03-02 2008-04-01 Alticor Investments, Inc. System and method for managing recurring orders in a computer network
US7359871B1 (en) 1999-03-02 2008-04-15 Alticor Investments Inc. System and method for managing recurring orders in a computer network
US6980962B1 (en) 1999-03-02 2005-12-27 Quixtar Investments, Inc. Electronic commerce transactions within a marketing system that may contain a membership buying opportunity
WO2000062265A1 (en) * 1999-04-09 2000-10-19 Liquid Audio, Inc. Secure online music distribution system
EP1065634A1 (en) * 1999-07-02 2001-01-03 Mic Systems System and method for performing secure electronic transactions over an open communication network
EP1210697A1 (en) * 1999-09-07 2002-06-05 Swisscom Mobile AG Ordering method
KR100671795B1 (en) * 2000-03-31 2007-01-19 (주)이니시스 Card payment information processing computer
KR20020009062A (en) * 2000-07-22 2002-02-01 유평래 The Operating System of Processing to use encryption algorithm of User-certification and Credit-card data of a electronic commercial transaction on Computer networks
EP1296257A1 (en) * 2001-09-21 2003-03-26 Siemens Dematic AG Electronic cash on delivery
US8117450B2 (en) * 2001-10-11 2012-02-14 Hewlett-Packard Development Company, L.P. System and method for secure data transmission
DE10336805A1 (en) * 2003-08-11 2005-06-23 Siemens Ag Method for transmitting protected information to multiple recipients
US20130030904A1 (en) 2011-07-28 2013-01-31 American Express Travel Related Services Company, Inc. Systems and methods for generating and using a digital pass

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS6256043A (en) * 1985-09-04 1987-03-11 Hitachi Ltd Electronic trading method
JPS6336634A (en) * 1986-07-31 1988-02-17 Advance Co Ltd Cryptographic key common use system and equipment using same system
US4799156A (en) * 1986-10-01 1989-01-17 Strategic Processing Corporation Interactive market management system
US5365589A (en) * 1992-02-07 1994-11-15 Gutowitz Howard A Method and apparatus for encryption, decryption and authentication using dynamical systems
CA2100134C (en) * 1992-09-29 1999-06-22 Raymond Otto Colbert Secure credit/debit card authorization
JP2987018B2 (en) * 1992-10-28 1999-12-06 株式会社日立製作所 Home shopping system
WO1996004618A1 (en) * 1994-08-05 1996-02-15 Hughes Thomas S System for remote purchase payment and remote bill payment transactions

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102708508A (en) * 1999-03-26 2012-10-03 摩托罗拉移动公司 Secure wireless electronic-commerce system with wireless network domain
CN102708508B (en) * 1999-03-26 2016-08-10 谷歌技术控股有限责任公司 There is the secure wireless electronic commerce system of wireless network domains
US7379902B2 (en) 2000-11-30 2008-05-27 Pioneer Corporation Apparatus and method for editing and selling creature data
CN101918954B (en) * 2008-01-16 2014-06-25 联邦印刷有限公司 Method for reading attributes from an ID token

Also Published As

Publication number Publication date
AU1810597A (en) 1997-09-10
TW357525B (en) 1999-05-01
KR19990087102A (en) 1999-12-15
EP0791901A2 (en) 1997-08-27
EP0791901A3 (en) 1999-09-15
CA2247479A1 (en) 1997-08-28
WO1997031321A1 (en) 1997-08-28
IL125831A0 (en) 1999-04-11

Similar Documents

Publication Publication Date Title
US7353532B2 (en) Secure system and method for enforcement of privacy policy and protection of confidentiality
US7028180B1 (en) System and method for usage of a role certificate in encryption and as a seal, digital stamp, and signature
US6363365B1 (en) Mechanism for secure tendering in an open electronic network
CN1211330A (en) e-commerce processing system
US7333615B1 (en) Encryption between multiple devices
US20100153273A1 (en) Systems for performing transactions at a point-of-sale terminal using mutating identifiers
US20010056409A1 (en) Offline one time credit card numbers for secure e-commerce
US20060173794A1 (en) Secure electronic commerce using mutating identifiers
CN104022883B (en) A kind of personal information protection shopping at network technology based on logistics network
AU2001287164A1 (en) Method and system for using electronic communications for an electronic contact
WO2002013435A1 (en) Method and system for using electronic communications for an electronic contact
TWI591553B (en) Systems and methods for mobile devices to trade financial documents
CN101938471A (en) Secure Electronic Information Request Delivery System
US20040054624A1 (en) Procedure for the completion of an electronic payment
Gupta et al. Role of multiple encryption in secure electronic transaction
KR100468031B1 (en) Publication and settlement of account for an electronic check
Dwivedi et al. A cryptographic algorithm analysis for security threats of Semantic E-Commerce Web (SECW) for electronic payment transaction system
Ashrafi et al. Enabling privacy-preserving e-payment processing
Barskar et al. The algorithm analysis of e-commerce security issues for online payment transaction system in banking technology
JPH10149396A (en) Commercial transaction system
CA2237441C (en) A mechanism for secure tendering in an open electronic network
CN115170132B (en) Payment method suitable for high-speed post network member system
HK1018972A (en) Electronic commerce system
CN1866820B (en) Secure Electronic Information Request Delivery System
JP2019125882A (en) Electronic commerce system, communication terminal, third party organization server, electronic commerce method, and program

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication
REG Reference to a national code

Ref country code: HK

Ref legal event code: WD

Ref document number: 1018972

Country of ref document: HK